Security News > 2021 > September > Chinese Authorities Arrest Hackers Behind Mozi IoT Botnet Attacks
The operators of the Mozi IoT botnet have been taken into custody by Chinese law enforcement authorities, nearly two years after the malware emerged on the threat landscape in September 2019.
"Mozi uses a P2P network structure, and one of the 'advantages' of a P2P network is that it is robust, so even if some of the nodes go down, the whole network will carry on, and the remaining nodes will still infect other vulnerable devices, that is why we can still see Mozi spreading," said Netlab, which spotted the botnet for the first time in late 2019.
Exploiting the use of weak and default remote access passwords as well as through unpatched vulnerabilities, the botnet propagates by infecting routers and digital video recorders to co-opt the devices into an IoT botnet, which could be abused for launching distributed denial-of-service attacks, data exfiltration, and payload execution.
Now according to Netlab, the Mozi authors also packed in additional upgrades, which includes a mining trojan that spreads in a worm-like fashion through weak FTP and SSH passwords, expanding on the botnet's features by following a plug-in like approach to designing custom tag commands for different functional nodes.
What's more, Mozi's reliance on a BitTorrent-like Distributed Hash Table to communicate with other nodes in the botnet instead of a centralized command-and-control server allows it to function unimpeded, making it difficult to remotely activate a kill switch and render the malware ineffective on compromised hosts.
"The Mozi botnet samples have stopped updating for quite some time, but this does not mean that the threat posed by Mozi has ended," the researchers cautioned.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/Q2u5nz4MrzI/chinese-authorities-arrest-hackers.html
Related news
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet (source)
- North Korean Hackers Using New VeilShell Backdoor in Stealthy Cyber Attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries (source)
- Crypto-apocalypse soon? Chinese researchers find a potential quantum attack on classical encryption (source)
- Chinese Nation-State Hackers APT41 Hit Gambling Sector for Financial Gain (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
- US says Chinese hackers breached multiple telecom providers (source)
- Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services (source)